21 messages
Discussion related to Amazon Web Services (AWS)
Archive: https://archive.sweetops.com/aws/
Slackbotalmost 3 years ago
Nave has removed themselves from this channel.
elalmost 3 years ago
Anyone have advice on automatically updating the AMI of a launch template for an ASG? Right now we just periodically apply Terraform. Current thought is to ignore the AMI field in Terraform and write a Lambda to update the launch template, and I'm wondering if there's a better way.
Anand Singhalmost 3 years ago
Hi There
Need small help here https://github.com/cloudposse/terraform-aws-elastic-beanstalk-application
Where to upload application code? Or this terraform code would only setup beanstalk environment
Need small help here https://github.com/cloudposse/terraform-aws-elastic-beanstalk-application
Where to upload application code? Or this terraform code would only setup beanstalk environment
Jamesalmost 3 years ago(edited)
Hi All,
I'm working on something which would collect quarterly and annual report data from booking entity authorities (think like uber and taxi companies). Is there any downside to using Aurora over classic RDS given that the traffic will be low throughout the year, and increase due about a 4 month a year when reports are due 🤔
Any other suggestions are welcome as well. Thanks!
I'm working on something which would collect quarterly and annual report data from booking entity authorities (think like uber and taxi companies). Is there any downside to using Aurora over classic RDS given that the traffic will be low throughout the year, and increase due about a 4 month a year when reports are due 🤔
Any other suggestions are welcome as well. Thanks!
managedkaosalmost 3 years ago
OliverSalmost 3 years ago(edited)
Does anyone have a recommendation for a tool to visualize -- or at least tabulate -- which AWS resources use a particular security group?
Given how many resource types can point to an SG, I'm surprised there isn't an established way to do that (other than pretending to delete the SG from console but this is dangerous and not programmatic). I found a couple of open source projects on github like a python project
Given how many resource types can point to an SG, I'm surprised there isn't an established way to do that (other than pretending to delete the SG from console but this is dangerous and not programmatic). I found a couple of open source projects on github like a python project
sgdeps and a bash one sg-tool but < 40 stars so I figure they are not the go-to solution for this problem.
Jim Parkalmost 3 years ago
TIL you can configure EC2 to use the resource name as the hostname for an EC2 instance, so that when you log into an instance, or query
API | Wizard
kubectl nodes , you can skip the IP address to resource id translation step.API | Wizard
When you launch an EC2 instance with a Hostname type of Resource name, the guest OS hostname is configured to use the EC2 instance ID.
• Format for an instance in us-east-1: _ec2-instance-id_.ec2.internal• Example: _i-0123456789abcdef_.ec2.internal• Format for an instance in any other AWS Region: _ec2-instance-id.region_.compute.internal• Example: _i-0123456789abcdef.us-west-2_.compute.internal
Nishant Thoratalmost 3 years ago
Hello everyone, Amazon Linux 2023 was just released on March 15th! This latest version comes with three significant features:
• Default IMDSv2 support with max two hops, which greatly enhances security posture. To learn more about IMDS, check out my blog: https://lnkd.in/gnTA_brw
• AL2023 utilizes gp3 volumes by default, reducing costs with improved performance.
• Versioned repositories offer more control over packages, allowing for better standardization of workloads.
Check out the official AWS announcement to learn more: https://lnkd.in/g2kPryj8
• Default IMDSv2 support with max two hops, which greatly enhances security posture. To learn more about IMDS, check out my blog: https://lnkd.in/gnTA_brw
• AL2023 utilizes gp3 volumes by default, reducing costs with improved performance.
• Versioned repositories offer more control over packages, allowing for better standardization of workloads.
Check out the official AWS announcement to learn more: https://lnkd.in/g2kPryj8
Balazs Vargaalmost 3 years ago
question:
I have a base role without iam:listroles
is there any way to get assumable roles attached to this role ?
I have a base role without iam:listroles
is there any way to get assumable roles attached to this role ?
Mario Stopferalmost 3 years ago
Hello everyone! We are revealing the pricing for CodeSmash, our new No Code platform! If you want more info, feel free to check it out at https://codesmash.studio
Shreyank Sharmaalmost 3 years ago
Hello,
We are running an Elasticsearch stack(installed using helm) in a 3-node kubernetes cluster in AWS installed using kops
in that we have an Elasticsearch cluster running
1 client
2 data nodes
2 master nodes.
to our Elasticsearch cluster applications will be sending logs (apps in kubernetes and lambdas)using logstash.
Now we are planning to move away from kubernetes and planning to migrate the applications running in Kubernetes to ECS (AWS Elastic Container Services). right now we have around 300 indices with size 20GB with 5 shards and 1 replica.
I have some analysis of how to move data if we migrate the Elasticsearch cluster to dockers running in ec2 and tested it works fine.
there are many reasons why are moving away from kubernetes but one of the reasons is Cost. and 75% of the k8s cluster was used by ealsticsearch.
We don't want to go with Elastic cloud to Open Search as it is costly.
Now my question is what is the best option for us for Elasticsearch once we move away from kubernetes?
1. Docker running in EC2
2. Elastic Container Service (not sure how this will work with EFS storage)
3. On-Prem (not sure if it is one of the options as all our applications are running on the cloud)
Please let me know if there is any better option.
Any help is very much appreciated.
Many thanks.
We are running an Elasticsearch stack(installed using helm) in a 3-node kubernetes cluster in AWS installed using kops
in that we have an Elasticsearch cluster running
1 client
2 data nodes
2 master nodes.
to our Elasticsearch cluster applications will be sending logs (apps in kubernetes and lambdas)using logstash.
Now we are planning to move away from kubernetes and planning to migrate the applications running in Kubernetes to ECS (AWS Elastic Container Services). right now we have around 300 indices with size 20GB with 5 shards and 1 replica.
I have some analysis of how to move data if we migrate the Elasticsearch cluster to dockers running in ec2 and tested it works fine.
there are many reasons why are moving away from kubernetes but one of the reasons is Cost. and 75% of the k8s cluster was used by ealsticsearch.
We don't want to go with Elastic cloud to Open Search as it is costly.
Now my question is what is the best option for us for Elasticsearch once we move away from kubernetes?
1. Docker running in EC2
2. Elastic Container Service (not sure how this will work with EFS storage)
3. On-Prem (not sure if it is one of the options as all our applications are running on the cloud)
Please let me know if there is any better option.
Any help is very much appreciated.
Many thanks.
awlalmost 3 years ago
For anyone in the US who took an AWS exam in person with Pearson: What did you use for your 2nd form of ID? I have a license for #1, but my passport is expired. It seems silly, but can I just show a credit card with my signature on the back? It meets requirements, but seems kind of silly.
Bhavik Patelalmost 3 years ago
I have a CloudFront distribution set up to serve a static website hosted on an S3 bucket. The website is built with React and React Router, which expects the base path to be in the root directory.
I also have a custom domain configured to point to the CloudFront distribution. However, when I navigate to /apply on the custom domain, I get a 404 error. After investigating, I found that CloudFront is routing the request to the S3 origin bucket, but it’s not serving the index.html file in the root directory as expected.
I tried to fix this by updating the Lambda@Edge function to properly direct the /apply path to the index.html file in the root directory of the S3 origin bucket. Here’s the updated function:
Although this works, now my users are getting redirected to the static website URL instead of the custom domain.
I also have a custom domain configured to point to the CloudFront distribution. However, when I navigate to /apply on the custom domain, I get a 404 error. After investigating, I found that CloudFront is routing the request to the S3 origin bucket, but it’s not serving the index.html file in the root directory as expected.
I tried to fix this by updating the Lambda@Edge function to properly direct the /apply path to the index.html file in the root directory of the S3 origin bucket. Here’s the updated function:
'use strict';
exports.handler = (event, context, callback) => {
const request = event.Records[0].cf.request;
const url = request.uri;
const onlyApply = /^\/apply$/;
if (onlyApply.test(url)) {
const newOrigin = {
custom: {
domainName: '<s3-bucket>.<http://s3-website-us-east-1.amazonaws.com|s3-website-us-east-1.amazonaws.com>',
port: 80,
protocol: 'http',
path: '',
sslProtocols: ['TLSv1', 'TLSv1.1', 'TLSv1.2']
}
};
request.origin = newOrigin;
request.uri = '/index.html'; // append index.html to the URI
}
const response = event.Records[0].cf.response || {};
if (onlyApply.test(url)) {
response.status = '301';
response.statusDescription = 'Moved Permanently';
response.headers = response.headers || {};
response.headers['location'] = [{ key: 'Location', value: 'https://' + request.headers.host[0].value + '/index.html' }]; // append index.html to the Location header
}
callback(null, response);
};Although this works, now my users are getting redirected to the static website URL instead of the custom domain.
Nishant Thoratalmost 3 years ago
Hey there everyone!
Hope you're all doing well. I'm looking for some insights on maintaining resource tag hygiene in AWS environments. I'd love to hear your thoughts on how you standardize and enforce resource tags across your teams, projects, and deployments.
Additionally, I'm currently working on a tool to help with tags hygiene, and I would be thrilled to receive any feedback or comments from you all. If anyone is interested in working more closely with me on this, feel free to DM me or drop a note in the comments.
Thank you all in advance for your help and support!
Hope you're all doing well. I'm looking for some insights on maintaining resource tag hygiene in AWS environments. I'd love to hear your thoughts on how you standardize and enforce resource tags across your teams, projects, and deployments.
Additionally, I'm currently working on a tool to help with tags hygiene, and I would be thrilled to receive any feedback or comments from you all. If anyone is interested in working more closely with me on this, feel free to DM me or drop a note in the comments.
Thank you all in advance for your help and support!
Renesh reddyalmost 3 years ago(edited)
Hi <!subteam^S0316FFT4M9|@cloudposse-team>
I have created VPN and associated with 2 private subnets which are routed by NAT. Able to connect VPN.
Trying to connect RDS DB getting issues nodename or service provider, or not known.
I have allowed IP's and ports for VPN and RDS security groups.
Not sure what would be the issue. ?
I have created VPN and associated with 2 private subnets which are routed by NAT. Able to connect VPN.
Trying to connect RDS DB getting issues nodename or service provider, or not known.
I have allowed IP's and ports for VPN and RDS security groups.
Not sure what would be the issue. ?
Nitinalmost 3 years ago(edited)
Hello Team,
We today we are facing sudden issue rds-cluster module. It tring to replacing our existing infrasture. because it is now using cluster_identifier_prefix instead of cluster_identifier. any idea how we can resolve this issue?
We today we are facing sudden issue rds-cluster module. It tring to replacing our existing infrasture. because it is now using cluster_identifier_prefix instead of cluster_identifier. any idea how we can resolve this issue?
Nitinalmost 3 years ago(edited)
resource "aws_rds_cluster" "primary" {~ allocated_storage = 1 -> (known after apply)~ arn = "arn:aws:rds:[MASKED]:[MASKED]:cluster:renamed" -> (known after apply)~ availability_zones = [- "[MASKED]a",- "[MASKED]b",- "[MASKED]c",] -> (known after apply)+ cluster_identifier_prefix = (known after apply)~ cluster_members = [- "renamed-1",] -> (known after apply)~ cluster_resource_id = "cluster-renamed" -> (known after apply)~ database_name = "renamed" -> (known after apply)- enabled_cloudwatch_logs_exports = [] -> null~ endpoint = "renamed.cluster-asdfsafdasdfasdf.[MASKED].<http://rds.amazonaws.com|rds.amazonaws.com>" -> (known after apply)~ engine_version_actual = "13.9" -> (known after apply)~ hosted_zone_id = "Z2VFMSZA74J7XZ" -> (known after apply)~ iam_roles = [] -> (known after apply)~ id = "renamed" -> (known after apply)- iops = 0 -> null~ master_username = "renamed" -> (known after apply)~ port = 5432 -> (known after apply)~ reader_endpoint = "renamed.cluster-ro-asdfsafdasdfasdf.[MASKED].<http://rds.amazonaws.com|rds.amazonaws.com>" -> (known after apply)- storage_type = "aurora" -> null # forces replacementtags = {}# (24 unchanged attributes hidden)# (1 unchanged block hidden)}Nitinalmost 3 years ago
this is sudden issue. till last week it was working
Hamdi Hassanalmost 3 years ago
Hey Everyone
Any one who is good at Regex Expressions
Any one who is good at Regex Expressions
Christof Bruylandalmost 3 years ago(edited)
Hi all, just a quick question: what are you using for web based management of the EKS cluster on AWS?
Ryan Raubalmost 3 years ago
How does everyone manage the AWS service notification emails? Shared google group is what we’ve been using and I feel like this has grown to the point that its out of hand. I want to setup a better process to have multiple people be able to triage these while not letting any slip through the cracks. I really don’t want to point these emails directly at Jira but its the current front runner of ideas.